It was discovered that curl, a client and library to get files from servers using HTTP, HTTPS or FTP, is vulnerable to the "Null Prefix Attacks Against SSL/TLS Certificates" recently published at the Blackhat conference. This allows an attacker to perform undetected man-in-the-middle attacks via a crafted ITU-T X.509 certificate with an injected null byte in the Common Name field.
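
The null-byte problem described above, shown as an added example that is not curl's code or its patch: a hostname check that treats the Common Name as a C string, beside one that honours the ASN.1 length. The struct, function names and sample values are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Hypothetical holder for a decoded Common Name: ASN.1 strings carry an
 * explicit length and may legally contain 0x00 bytes. */
struct cn_field { const unsigned char *data; size_t len; };

/* Constructed sample values (not taken from any real certificate). The
 * literals are NUL-terminated, so the naive check below stays in bounds. */
static const unsigned char CRAFTED_CN[] = "www.example.com\0.attacker.invalid";
static const unsigned char BENIGN_CN[]  = "www.example.com";
static const struct cn_field crafted = { CRAFTED_CN, sizeof(CRAFTED_CN) - 1 };
static const struct cn_field benign  = { BENIGN_CN,  sizeof(BENIGN_CN) - 1 };

/* Flawed: treats the CN as a C string, so the comparison stops at the
 * first NUL byte and everything after it is silently ignored. */
int cn_matches_naive(const struct cn_field *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened: reject any CN containing a NUL inside its ASN.1 length, then
 * compare over the full encoded length. Wildcards are out of scope here. */
int cn_matches_strict(const struct cn_field *cn, const char *host)
{
    if (memchr(cn->data, 0, cn->len) != NULL)
        return 0;                      /* embedded NUL: refuse outright */
    if (strlen(host) != cn->len)
        return 0;
    return strncasecmp((const char *)cn->data, host, cn->len) == 0;
}

int main(void)
{
    const char *host = "www.example.com";
    printf("crafted CN, naive : %d\n", cn_matches_naive(&crafted, host));
    printf("crafted CN, strict: %d\n", cn_matches_strict(&crafted, host));
    printf("benign CN,  strict: %d\n", cn_matches_strict(&benign, host));
    return 0;
}
```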

For the oldstable distribution (etch), this problem has been fixed in version 7.15.5-1etch3.

For the stable distribution (lenny), this problem has been fixed in version 7.18.2-8lenny3.

For the testing (squeeze) and unstable (sid) distribution, this problem will be fixed soon.

We recommend that you upgrade your curl packages.

Upgrade instructions
--------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for sources.list as given below: